Security context aware telemetry
Abstract
An information handling system has a storage device including a telemetry log, a BIOS configured to provide BIOS status data and BIOS security data, an OS configured to provide OS status data and OS security data, and a security management module. The security management module determines whether the information handling system is in a low-threat state or a high-threat state. When the information handling system is in the low-threat state, the security management module directs the BIOS to store the BIOS status data to the telemetry log and the OS to store the OS status data to the telemetry log. When the information handling system is in the high-threat state, the security management module directs at least one of the BIOS to store the BIOS security data and the OS to store the OS security data.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . An information handling system, comprising:
a storage device including a telemetry log; a basic input/output system (BIOS) configured to provide BIOS status data and BIOS security data; an operating system (OS) configured to provide OS status data and OS security data; and a security manager instantiated on a processor and configured to determine whether the information handling system is in a low-threat state or a high-threat state, to direct the BIOS to store the BIOS status data to the telemetry log and the OS to store the OS status data to the telemetry log when the information handling system is in the low-threat state, and to direct at least one of the BIOS to store the BIOS security data and the OS to store the OS security data when the information handling system is in the high-threat state, wherein the security manager includes a telemetry policy module that provides correlations between the BIOS status data and the OS status data, wherein the security manager is further configured to determine a threat state based on the correlations.
2 . The information handling system of claim 1 , wherein, when the information handling system is in the high-threat state, the security manager is further configured to direct the at least one of the BIOS to store the BIOS security data to the telemetry log and the OS to store the OS security data to the telemetry log.
3 . The information handling system of claim 2 , wherein, when the security manager directs the BIOS to store the BIOS security data to the telemetry log, the security manager further directs the OS to halt storing the OS status data to the telemetry log.
4 . The information handling system of claim 2 , wherein, when the security manager directs the OS to store the OS security data to the telemetry log, the security manager further directs the BIOS to halt storing the BIOS status data to the telemetry log.
5 . The information handling system of claim 1 , wherein, when the information handling system is in the high-threat state, the security manager is further configured to direct the at least one of the BIOS to store the BIOS security data to a location other than the telemetry log and the OS to store the OS security data to the other location.
6 . The information handling system of claim 5 , wherein, when the security manager directs the BIOS to store the BIOS security data to the other location, the security manager further directs the BIOS to continue storing the OS status data to the telemetry log.
7 . The information handling system of claim 5 , wherein, when the security manager directs the OS to store the OS security data to the other location, the security manager further directs the OS to continue storing the OS status data to the telemetry log.
8 . The information handling system of claim 1 , further comprising:
a baseboard management controller (BMC), wherein the security manager is included in the BMC.
9 . The information handling system of claim 1 , wherein the threat state includes one of a low-threat state and a high-threat state.
10 . A method, comprising:
providing, in a storage device of an information handling system, a telemetry log; providing, by a basic input/output system (BIOS) of the information handling system, BIOS status data and BIOS security data; providing, by an operating system (OS) of the information handling system, OS status data and OS security data; determining, by a security manager of the information handling system, whether the information handling system is in a low-threat state or a high-threat state; directing the BIOS to store the BIOS status data to the telemetry log and the OS to store the OS status data to the telemetry log when the information handling system is in the low-threat state; and directing at least one of the BIOS to store the BIOS security data and the OS to store the OS security data when the information handling system is in the high-threat state; wherein, when the information handling system is in the high-threat state, the method further comprises directing the at least one of the BIOS to store the BIOS security data to a locations other than the telemetry log and the OS to store the OS security data to the other location; and wherein when the security manager directs the BIOS to store the BIOS security data to the other location, the method further comprises directing the BIOS to continue storing the OS status data to the telemetry log.
11 . The method of claim 10 , wherein, when the information handling system is in the high-threat state, the method further comprises directing the at least one of the BIOS to store the BIOS security data to the telemetry log and the OS to store the OS security data to the telemetry log.
12 . The method of claim 11 wherein, when the security manager directs the BIOS to store the BIOS security data to the telemetry log, the method further comprises directing the OS to halt storing the OS status data to the telemetry log.
13 . The method of claim 11 wherein, when the security manager directs the OS to store the OS security data to the telemetry log, the method further comprises directing the BIOS to halt storing the BIOS status data to the telemetry log.
14 . The method of claim 10 , wherein when the security manager directs the OS to store the OS security data to the other location, the method further comprises:
directing the OS to continue storing the OS status data to the telemetry log.
15 . The method of claim 10 further comprising providing, on the information handling system, a baseboard management controller (BMC), wherein the security manager is included in the BMC.
16 . The method of claim 15 wherein the BMC further includes a telemetry policy module, the policy module including correlations between the BIOS status data and the OS status data, and wherein the security manager determines whether the information handling system is in the low-threat state or the high-threat state based upon the correlations.
17 . An information handling system, comprising:
a storage device including a telemetry log; a basic input/output system (BIOS) configured to provide BIOS status data and BIOS security data; an operating system (OS) configured to provide OS status data and OS security data; a baseboard management controller (BMC) configured to provide BMC status data and BMC security data; and a security manager instantiated on a processor and configured to 1) determine whether the information handling system is in a low-threat state or a high-threat state, 2) direct the BIOS to store the BIOS status data to the telemetry log, the OS to store the OS status data to the telemetry log, and the BMC to store the BMC status data to the telemetry log when the information handling system is in the low-threat state, and 3) direct at least one of the BIOS to store the BIOS security data, the OS to store the OS security data, and the BMC to store the BMC security data when the information handling system is in the high-threat state, wherein the security manager includes a telemetry policy module that provides correlations between the BIOS status data and the OS status data, wherein the security manager is further configured to determine a threat state based on the correlations.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.